Undoubtedly, the aftermath of the Covid -19 pandemic triggered remarkable changes in the digital behavior of both individuals and organizations. The desire to adapt to the new normal post-pandemic necessitated a thorough evaluation of pandemic-driven IT and cybersecurity changes.
Thus, as businesses adapted to a new operating paradigm in which remote working became the “new normal,” the coronavirus epidemic presented further obstacles. As a result, companies accelerated their digital transformations, and cybersecurity became a big problem.
If cybersecurity concerns are ignored, the consequences for reputation, operations, legality, and compliance could be severe. This article looks at the evolution of cybersecurity in the post-covid-19 era.
- Overview of cybersecurity
Cybersecurity is a core aspect of information and computer technology (ICT). Cybersecurity is the collection of technologies, processes, and practices that protect an organizational asset from unauthorized access or authorized misuse. Unauthorized personnel can be classified as hackers, nation-state activists, and script kiddies, while authorized personnel who misuse their assigned privileges are called malicious insiders[i].
- Cybersecurity Threat in Fintech
Financial cyber hazards such as extortion, denial of service attacks, and credit card fraud have become more common due to the widespread usage of various digital wallet techniques. These hacks can potentially put the financial sector’s system in danger. Some of the most well-publicized hacks in the financial industry have harmed essential economic infrastructures like message systems. In addition, these assaults can cause service disruptions by destroying hardware and compromising critical company data.
The two most common cyberattacks on FinTech across the globe are data breaches and distributed denial of service (DDoS).
- Covid 19 pandemic – the game changer
Cyber security became collateral damage during the covid 19 pandemic, and cyber-attacks have become the fastest-rising crime on a global scale in the post-covid age.
The changes in the work environment, particularly the security challenges of remote work, fostered a breeding ground for cyberattacks, phishing, the Infection of IT systems with malware (including ransomware, spyware, worms, trojans, and viruses), and hacking, amongst others.
Cybercriminals are taking advantage of the current unprecedented pandemic crisis to mount increasingly sophisticated, massive, and frequent cyber-attacks. Additionally, as organizations move to remote working, the likelihood of cybersecurity incidents increases due to insecure technical infrastructure, insufficient data security practices, and a lack of cybersecurity awareness. Today, the healthcare, education, and financial sectors are emerging as lucrative and soft targets of cybercriminals because their data and ICT infrastructure is vital for day-to-day operations[ii]. Research from Boston Consulting Group (BCG) established that the Banking and financial sectors are 300 times more at risk of cyberattacks than other companies.
- The Case in Nigeria
Cybercrime has become a global phenomenon, with prevalent internet connectivity facilitating actions such as bank account raiding, identity theft, impersonation, and the theft of corporate secrets. Analysis of the most common cyber risks in the past years has revealed that the size and impact of these risks are not constant. As of 2022, it was reported that Nigerian businesses suffer 2308 cyberattacks every week.[iii]
Cyberattacks can have far-reaching and devastating financial and reputational impacts on organizations and individuals. The research also found that financial loss and data breaches were the most significant consequences for Nigerian organizations.
Nigerians have become cyber-creatures, spending a significant amount of time online. As the digital world expands, so does cybercrime in Nigeria. The necessity to combat these seemingly uncontrollable phenomena gave rise to Cyber Laws in Nigeria. Cyberlaw acts as a shield over cyberspace, preventing cybercrime from occurring. The government is committed to developing and enforcing regulations to combat illicit online activities.[iv]
- Legal requirements about cybersecurity applicable to organizations in Nigeria (with particular reference to Financial Institutions)
In Nigeria, cybercrimes are primarily regulated by the Cybercrimes (Prohibition and Regulation) Act of 2015. The Cybercrimes Act prescribes the minimum standards that are applicable across all business sectors in Nigeria and incorporates, within its ambit, data protection/information security. It was passed into law in 2015 to provide the much-needed legislation to govern the growing menace of cybercrime. It also sought to consolidate all other sector-specific regulations that have cybercrime provisions into one cohesive legislation.
The Terrorism Protection Act also makes salient provisions for curbing cybercrimes in financial institutions.
- Sections 19 and 37 of the Cybercrimes Act require financial institutions to:
- not vest a single employee with both posting and access authorization rights;
- implement effective counter-fraud measures to safeguard customers’ sensitive information;
- verify the identity of customers carrying out electronic financial transactions before the issuance of cards and other related electronic devices;
- apply KYC principles on customers before executing customers’ electronic transfer, payment, debit, and issuance orders; and
- provide explicit legal authorization of any unauthorized debit on a customer’s account or reverse such debit within 72 hours.
- In addition, banks and other financial institutions are required by Section 44 of the Cybercrimes Act to contribute a levy of 0.005% of all electronic transactions carried out by them into the National Cybersecurity Fund (the “Fund”).
- Section 14 of the Terrorism Protection Act obligates financial institutions to report suspicious transactions relating to terrorism to the Financial Intelligence Unit within 72 hours of such transactions. The TPA defines “acts of terrorism” as an act deliberately done with malice aforethought and which involves or causes destruction to a government or public facility, a transport system, an infrastructure facility, and an information system. This obligation arises when the financial institution has sufficient reason to suspect that the funds involved in the transaction:
- are derived from legal or illegal sources but are intended to be used for any act of terrorism;
- are proceeds of a crime related to terrorist financing or
- belong to a person, entity, or organization considered a terrorist or a terrorist organization.
- The Central Bank of Nigeria mandates all banks and payment service providers to maintain a dedicated fraud desk to support customers on electronic fraud, block or place restrictions on customers’ accounts upon receipt of fraud complaints, etc.
The post-covid period is projected to be characterized by financial and operational difficulties and increased cyber threats. This will likely be the new normal until the pandemic is truly behind us and its dust settles. As a result, organizations of all sizes, industries, and financial resources are re-evaluating their cybersecurity and budget objectives. The need to re-evaluate cybersecurity measures has fostered a shared sense of urgency and the desire to adopt cybersecurity models that include perimeter protection, enhanced automation, next-generation identification, access controls, and integrated security.
It is also imperative for lawmakers to echo cybersecurity concerns in political hallways and other appropriate places, as this is expected to lead to a slew of market-driven developments and legislation shortly.
[i] Understanding Cybersecurity Management in Fintech by Gurdip Kaur, Ziba Habibi Lashkari & Arash Habibi Lashkari
[ii] https://bsabh.com/cybersecurity-for-smes/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=LinkedIn-integration accessed on 19 May 2022 at 12:00 pm
[iii] https://businessday.ng/technology/article/nigerian-businesses-suffer-2308-cyber-attacks-every-week/ accessed on 17 May 2022 at 7:55 am
[iv] https://www.mondaq.com/nigeria/security/1088292/cybercrimes-and-cyber-laws-in-nigeria-all-you-need-to-know accessed on 19 May 2022 at 11:41 am
Written by Daniella Ogbonnaya for The Trusted Advisors
Email us: [email protected]